CVE-2024-12430

Name of the Vulnerable Software and Affected Versions AC500 V3 versions prior to 3.8.0

Description An attacker who successfully exploits this issue could cause command execution. The vulnerability exists in the AC500 V3 version, where after successfully exploiting a directory traversal vulnerability, a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by the root user.

Recommendations For versions prior to 3.8.0, update the firmware to version 3.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable directory to minimize the risk of exploitation. Avoid using specifically crafted files that could be used to inject arbitrary commands until the issue is resolved.